Hi @tiendabs, thanks for getting in touch!
We have many customers successfully using Wordfence with Cloudflare but there are some extra settings that need to be considered for both. I’ll provide them below for you.
- Login to Cloudflare
- Go to “Firewall”
- Click the “Firewall Rules” tab
- Click “Create a Firewall rule”
- Name the rule under “Rule Name”
- Set the “Field” under “When incoming requests match…” to “IP Address”
- Enter your site’s IP address under “Value”
- At the bottom, under “Then…Choose an action” change “Block” to “Allow”
- Click “Deploy”
In the Cloudflare firewall as highlighted above, some customers have also had to allow our IPs under certain scenarios. Those can be found for your reference here.
Finally, in Wordfence > Dashboard > Global Options > General Wordfence Options > How does Wordfence get IPs, you will most likely need to select “Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.”. That will be the setting you need to use going forward, so click the SAVE button once you’re done.
You can find your public facing IP address at: https://www.whatsmyip.org/
There’s some further information around this here: https://www.wordfence.com/help/dashboard/options/#general-wordfence-options
Let me know how that goes and I’m happy to look further into any issues you have if they crop up.
Thanks,
Peter.
